VMware vSphere SDKs and Tools 8.0

8.0 7.0 6.7 6.5

Deployment Requirements for a vSphere Client Remote Plug-in

To prepare a remote plug-in for deployment, you must prepare at least one file and launch one or more processes. The simplest plug-in can be implemented with a single back-end server and a plug-in manifest file that describes the extension views and other details about the plug-in.
Deployment of a remote plug-in takes place at run time, but you must make preparations in advance. You need to do the following to prepare for plug-in deployment:
  • Run a web server that provides plug-in components on demand.
  • Run your plug-in server binary. The plug-in server runs on a virtual or physical machine of your choice, but it must be the same machine as the web server.
  • Prepare a plug-in manifest file,
    plugin.json
    , that specifies the plug-in components. See also . The manifest file must be accessible by HTTPS, on the same machine as the web server.
  • Register your plug-in with a vCenter Server instance. You can register either by using the registration script in the SDK or by writing your own registration tool. In either case, you need the URL and credentials to access the vCenter Server instance. You also need the security certificate or thumbprint of your plug-in manifest server, and the URL of your plug-in manifest file. The connection should be secure HTTP (HTTPS).
For production installations, a best practice is to create a registration tool that does not expose vCenter Server credentials on the command line.
When registering the plug-in, it's highly recommended to provide the SSL certificate of the plug-in server in addition to the thumbprint of the SSL certificate of the plug-in server. Performing a full SSL certificate check during SSL handshake is more secure than performing an SSL certificate thumbprint check. Furthermore, in future vSphere releases, support for SSL certificate thumbprints will be dropped and full SSL certificates will be required.
To register a plug-in by using the script in the SDK, you use the
registerPlugin
 function of the
extension-registration
 script. The script arguments are demonstrated in the following example.
./extension-registration.sh  -action registerPlugin  -remote \
-url https://myvcenter/sdk \
-username administrator@vsphere.local  -password mysecret \
-key com.mycompany.myplugin  -version 1.0.0 \
-pluginUrl https://mydevbox:8443/myplugin/plugin.json \
-serverThumbprint 19:FD:2B:0E:62:5E:0E:10:FF:24:34:7A:81:F1:D5:33:\
19:A7:22:A0:DA:33:27:07:90:0F:8E:8D:72:F1:BD:F1 \
-serverCertificateFile /tmp/plugin-server.cer \
-vCenterServerThumbprint 2A:0E:3C:1F:73:6F:1F:21:00:35:45:8B:92:02:E6:44:\
2A:B8:33:B1:EB:44:38:18:A1:10:9F:9E:83:02:CE:02 \
-c 'Example, Inc.'  -n 'Remote Plug-in'  -s 'This is a remote plug-in'
To register a plug-in by means of your own tool, you must create an
Extension
 type record in the
ExtensionManager
 managed object. The
Extension
 record must describe the plug-in manifest server in two places:
client[0]
 and
server[0]
. These two array entries are similar in several properties, but have important differences:
  • The
    client
     array, which has type
    ExtensionClientInfo[]
    , contains the plug-in version in the first element. This is required so that the vSphere Client can manage plug-ins correctly.
  • The
    client
     array must have a
    type
     property with a value of
    vsphere-client-remote
     in the first element.
  • The
    server
     array, which has type
    ExtensionServerInfo[]
    , must have a
    type
     property with any value you choose in the first element. A best practice is to assign the value
    MANIFEST_SERVER
     to the first element of the array, to identify the manifest server for the plug-in.
  • To support HTTPS connections, the
    server
     array must have either
    serverThumbprint
     or
    serverCertificateFile
     or both in the first element. Property
    serverThumbprint
     takes the value of the SHA-256 hash of the server certificate, while
    serverCertificateFile
     takes the value of the PEM-encoded server certificate (string).
    HTTP connections are not recommended for production use with the vSphere Client.
Both the
client
 array and the
server
 array must have the same value in the
url
 property of the first array element. The value must be the URL of the plug-in manifest server.
For information about the plug-in manifest, see Sample Manifest File for a Remote Plug-in. For information about auxiliary plug-in processes, see Using Auxiliary Plug-in Servers. For information about the plug-in registration script, see vSphere Client Plug-in Registration Tool.

Content feedback and comments